
Test XDR for Cloud - AWS VPC Flow Log integration in your AWS cloud environment.

Important
XDR for Cloud currently only supports AWS cloud accounts. Support for additional cloud providers is coming soon.
Enabling XDR for Cloud - AWS VPC Flow Logs requires allocating credits. For information about estimating credit usage with XDR for Cloud, see Estimating and monitoring XDR for Cloud usage.
XDR for Cloud - AWS VPC Flow Logs integration allows Trend Vision One to access and monitor your AWS VPC Flow Logs to detect potential threats. The following steps describe how to test the feature within your environment.

Procedure

  1. Sign in to the AWS account you want to use to test XDR for Cloud - AWS VPC Flow Logs.
  2. Review the VPC Flow Logs recommendations and requirements.
  3. Add your AWS account to the Trend Vision One cloud accounts app.
    Follow the steps in Adding an AWS account using CloudFormation and enable the following features and permissions:
    • Core Features
    • XDR for Cloud - AWS VPC Flow Logs
    Note
    If you want to test integration with an AWS organization account, see Adding AWS Organizations.
  4. After your account successfully connects, use the Search app to verify data is being sent.
    You can search for data using a General Search or the Cloud Activity Data Search method.
  5. Use one of the following demo attacks to trigger a Workbench alert.
    • Demo: Model - Network Connection to Known Suspicious IP Address
    You can also run a Threat Intelligence sweeping test to generate an alert using demo data.